The wired local area network is generally a broadcast-type network, in which data sent by one node can be received by all the other nodes. Individual nodes on the network share the channel, which poses a significant security risk to the network. An attacker who gains access to the network and monitors it can capture all the data packets on the network and thereby steal important information.
The Local Area Network (LAN) defined according to the existing national standard does not provide a method for secure access or data confidentiality. A user can access the equipment and resources in the LAN as long as he/she can access the LAN control equipment, such as the switch equipment in the LAN. This did not pose a significant security risk in the application environment of early wired enterprise LANs; however, with the large-scale development of networks, users' requirements for information privacy are becoming higher and higher, and it is therefore necessary to realize data security at the data link layer.
In a wired LAN, IEEE realizes data link layer security by performing security enhancement on IEEE 802.3. IEEE 802.1AE provides a data encryption protocol for protecting Ethernet data, and realizes secure transmission of information between network entities by employing hop-by-hop encryption as the security measure. However, this security measure places a heavy computational load on the switch equipment in the LAN and is prone to inducing attacks on the switch equipment by an attacker; in addition, the delay in transmitting a data packet from a sender to a receiver is increased and the efficiency of network transmission is reduced.